Security has evolved at an almost dizzying pace. Technology, scope, management, processes, are all in flux. Meanwhile, the stakes have never been higher. The cost of a breach can include the loss of assets, even loss of life. And then there are litigation and regulatory compliance penalties. What do you see as the underpinnings of the security business? Let me offer what I believe are three critical drivers behind the changing face of security operations.
First is the criticality of integration. Most security operations have invested heavily in new technologies. In the past it was pretty simple. Fire Alarms, CCTV and Access Control were the mainstay. Today, however, there are many new systems and sensors that have entered into the equation: GIS, perimeter protection, chemical sensors, asset tracking, biometrics, License Plate Recognition, and Panic Buttons to name a few. You’ve probably heard the phrase “Connect the Dots” a lot recently, and with good reason. Consider this. All of these sensors and systems, from many different security vendors, generate tons of data. But for the information to be truly useful, you need seamless visibility across all of them. Thus integration is critical.
Another leading driver is the emergence of IP networking in security. From the improvement in technology to the effect on costs to increased partnership of IT in security system choices, IP Networks are changing the security landscape. IP enables technology deployment strategies that are very cost effective and efficient. With IP, infrastructure can be shared. And information can be shared…seamlessly…securely. New systems and upgrades to existing systems can be rolled out faster. Another positive effect of IP networking is that security and IT (once friendly foes, now allies) work closer together, ensuring that IT requirements are met and that solutions are deployed in the most cost effective way possible.
Last is the impact of an increasingly regulated business environment. As regulation grows in scope and complexity, compliance is more difficult to manage, with penalties for non compliance stiffer. As an example, last year, in the first significant fine of a utility associated with NERC compliance, Florida Power & Light was fined $25M for NERC violations that occurred during a blackout in Florida in 2008. Universities have also seen an escalation in campus safety regulations with new Clery Act requirements. The TSA, FAA and NTSB all have a greater ‘say’ in airport security. Almost every business has at least one regulatory body governing its security standards. The tentacles can be far reaching, touching many areas – from how systems and sensors are deployed to requirements for defined Conops plans, to incident reporting and auditing. Violations can have significant repercussions and costs, ranging from fines and litigation, to reputation damage, to incident resolution and recovery costs. It’s easy to see why managing regulatory compliance isn’t just another hot topic – it’s business critical.
Are any of these trends having an impact on your security operation? What’s keeping you up at night? Tell us about the sources of your security insomnia. We’d like to hear from you.